📦 Aim
by Aimstack
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows attackers to delete arbitrary files on systems running the aimhubio/aim tracking server. The flaw exists in the LockManager.release_locks function where user-controlled input...
Aim version 3.22.0 has overly permissive CORS settings that allow cross-origin requests from any domain, enabling CSRF attacks on all tracking server endpoints. This vulnerability can be chained with ...
This vulnerability in aimhubio/aim allows attackers to exploit insecure tarfile extraction to write arbitrary files to arbitrary locations on the server. By controlling repo.path and run_hash paramete...
This vulnerability in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the server and exfiltrate arbitrary data by manipulating the `run_hash` and `repo.path` parameters. I...
This vulnerability allows attackers to cause denial of service in aimhubio/aim tracking servers by sending oversized websocket messages containing large images. The server becomes unresponsive while p...
This CVE describes a denial of service vulnerability in aimhubio/aim version 3.25.0 where an attacker can make the web server unresponsive by tracking numerous Text objects and querying them simultane...
This vulnerability in aimhubio/aim version 3.23.0 allows denial of service attacks due to missing timeout configurations in external server communication methods. When the tracking server requests dat...
This vulnerability allows arbitrary file deletion on systems running the aim tracking server. An attacker can craft a glob pattern to delete files outside the intended directory, potentially causing d...
This vulnerability allows attackers to cause denial of service (DoS) by making API requests for large numbers of tracked metrics simultaneously. The Aim web server becomes unresponsive due to excessiv...
This CSRF vulnerability in aimhubio/aim allows attackers to trick authenticated users into executing unauthorized actions like deleting runs, updating data, and stealing log records and notes. It affe...
CVE-2021-43775 is a path traversal vulnerability in Aim, an open-source machine learning experiment tracking tool. Attackers can use directory traversal sequences like '../' to access arbitrary files ...
This critical vulnerability in aimhubio/aim allows remote attackers to execute arbitrary code through improper input validation in the RestrictedPythonQuery function. Attackers can gain elevated privi...
A stored cross-site scripting (XSS) vulnerability in aimhubio/aim version 3.23.0 allows attackers to inject malicious HTML/JavaScript during the training process. When users view tracked texts in the ...
This vulnerability allows attackers to delete arbitrary files or directories on systems running aimhubio/aim version 3.19.3 through path traversal in the runs/delete-batch endpoint. Attackers can expl...
This vulnerability in aimhubio/aim version 3.25.0 allows attackers to cause denial of service by exploiting the sshfs-client's lack of timeout settings. The single-threaded tracking server can be made...
A stored cross-site scripting (XSS) vulnerability in aimhubio/aim version 3.19.3 allows attackers to inject malicious scripts into terminal output logs. When users view the logs-tab, these scripts exe...